File image. (Lisa Pickoff-White/KQED)
File image. (Lisa Pickoff-White/KQED)

LinkedIn’s Intro app looks really slick. The company boasts that it’s done the impossible by creating a product that automatically adds LinkedIn profile information to mail you receive in Apple’s iOS Mail client.

Say a stranger sends you an email. With Intro installed on your iPhone or iPad, you’ll be to see that person’s LinkedIn profile in the message and know whether they’re really a CEO trying to hire you or some sort of fake.

But cybersecurity experts and tech analysts are warning that Intro poses a profound threat to individual and corporate privacy.

Vincent Liu, with the firm Bishop Fox, says the Intro app is a data grab that amounts to “hijacking email.” He published a fairly confrontational blog post about it today.

Once a user installs Intro, the app redirects email through LinkedIn servers so that the company can revise the emails to display a sender’s LinkedIn information. The app doesn’t otherwise alter the message contents.

“Still, it’s a major privacy and security issue because you’re giving LinkedIn access to every single email you get on your phone,” Liu said. “They don’t say what exactly they would store from each email, but just trust them to do the right thing.”

Liu says Intro gives LinkedIn “NSA-level” access to users’ email. The way the app works could also breach attorney-client privilege and doctor-patient confidentiality and violate a standard business rule that employees don’t let third parties read internal emails.

LinkedIn points out the app is an opt-in product, one “that helps you be brilliant with people.” If your boss forbids it or you don’t want it, then simply don’t install it.

The company says it’s not currently storing messages or analyzing emails for, say, key advertising words, the way Google’s Gmail and Yahoo Mail do.

But according to LinkedIn, there’s no language in the company’s privacy policy that expressly forbids them from doing that in the future.

Sponsored by

Become a KQED sponsor